The new built-in tapset function abort() is similar to exit(), but it
aborts the current probe handler (and any function calls in it) immediately.
It works with both the kernel and dyninst runtimes. The bpf runtime is not
yet supported.
Unlike error(), abort() cannot be caught by try {...} catch {...}.
Similar to exit(), abort() yields the zero process exit code.
fche thinks it is already too late to change the current behavior of
exit(), hence this new function. And he suggests the function name abort().
Also added corresponding tests for both abort() and exit(), including
tests for probe timer.profile + abort(), as suggested by fche. The tests
cover both the kernel and dyninst runtimes wherever possible.
This new function can be disabled by the '--compatible 3.3' option. Also
added tests for this.
William Cohen [Fri, 31 Aug 2018 14:09:31 +0000 (10:09 -0400)]
Use returnval() rather than $return for various syscall tapset probes
With newer linux 4.17 kernel some of the syscall tapset return probes
do not have $return available. The example scripts have been changed
to use returnval() function instead of the missing $return.
William Cohen [Thu, 30 Aug 2018 21:17:16 +0000 (17:17 -0400)]
Use a more stable function name for running the linetimes.stp tests
There have been a number of changes in the Linux 4.17 kernel syscall
function names and a function named sys_nanosleep no longer exists in
the newer kernels. Adjusting the tests to use a similar function that
is less likely to be affected by the syscall name changes.
William Cohen [Thu, 30 Aug 2018 21:05:58 +0000 (17:05 -0400)]
Have whythefail.stp probe a function whose name has not changed
The Linux 4.17 kernel has made a number of changes in the syscall
function names. These changes caused the whythefail.stp test to fail.
Rather than probing the sys_open function which no longer exists in
the 4.17 kernels the tests are now using the do_sys_open function
which remains the same.
William Cohen [Thu, 30 Aug 2018 19:37:22 +0000 (15:37 -0400)]
Use returnval() for syscalls.*.return in pstree.stp
Changes to the syscall tapsets make it much more likely to get
syscall.*.return probe points that do not have the $return target
variable available. Using the returnval() function to get the return
value via the ptreg avoids this issue.
Minor fixes in test files at_var_print.exp & tautological_cmp.exp
Fixed issues where we failed to interpret the macro variable $^PWD in
the .stp template files and we incorrectly treated any stap run with
stderr output as a failed run (i.e., with nonzero exit code). Also made
some other minor improvements.
Make the 3rd operand of ternary '?:' bind tighter than binary '='
In the C language, the 3rd operand of the ternary operator binds tighter
than the binary assignment operators. It is better for the stap language
to be consistent with C in operator precedence.
Added several tests to check the precedence of the ternary operator,
including nested ternary operator expressions. I've verified the results
with similar C programs with gcc myself.
Fixed an existing test case under systemtap.examples/, ansi_colors2.stp,
which incorrectly assumed that `+=` binds tighter than the 3rd operand
of the ternary operator.
The original behavior can be restored by the --compatible 3.3 option.
Updated NEWS to reflect this backward-incompatible change in the parser.
Frank Ch. Eigler [Mon, 27 Aug 2018 16:59:42 +0000 (12:59 -0400)]
PR23572 workaround: add an alarm() around some dyninst infrastructure calls
Some calls have been observed to hang for no obvious reason.
An alarm(2) placed around these should at least let stapdyn
shut down (with an error), instead of just sitting there.
Pass -Wno-tautological-compare when building kernel modules and dyninst DSO
Currently we always turn on -Wall and -Werror when compiling the kernel
module and the dyninst DSO. This causes compile-time errors when the user
input stap scripts contain inefficiencies like `a == a` or `a != a`, which
can be common for automatically generated stap code from naive tools.
Frank Ch. Eigler [Thu, 23 Aug 2018 02:23:24 +0000 (22:23 -0400)]
stap-exporter: add testsuite etc.
Dejagnu tried but failed to cause complete self-hair-yankage,
so now we run stap-exporter, and send a variety of wget queries
to it to exercise autostart, keepalive, stop, etc. stap-exporter
also cleans up any __foo.ko turds stap leaves in $cwd in case of
a "stap -m __foo" type invocation.
Frank Ch. Eigler [Wed, 15 Aug 2018 19:36:54 +0000 (15:36 -0400)]
stap-exporter: rework configuration
Stop hardcoding "stap --example URLPIECE" into the python module;
instead run the "URLPIECE" script from under the /etc/stap-exporter
directory. This way, one can have some non-default stap options
added. (The default set of scripts is stored in the default/
subdirectory in the source tree.)
Command line options for stap-exporter can now be overridden from a
/etc/sysconfig/stap-exporter file suitable for use by systemd
EnvironmentFile=.
Move scripts directory to /etc/stap-exporter; search *.stp files
systematically to compute candidate URLs; simplify implementation.
Expand the stap-exporter.8 man page.
stap-exporter/procfs: stop special "__prometheus" name mapping
There's no need to mangle the procfs parameter name.
Serhei Makarov [Tue, 21 Aug 2018 17:22:53 +0000 (13:22 -0400)]
PR23480 oops: fix timing of exit phase
Unregistering probes can take a long time, which opens basic stapbpf
scripts to spurious termination. Will need to further investigate
when it is that the parent stap process sends a spurious SIGINT,
but this fix appears to suffice.
* stapbpf/stapbpf.cxx (main): move exit phase after unregistration.
William Cohen [Mon, 20 Aug 2018 18:44:12 +0000 (14:44 -0400)]
Make library name format consistent with kprocess.exec names in also_ran.stp
kprocess.exec filenames were quoted, but the library names were not.
Adjusted the script to use quoted strings for the library names also
so all the prometheus output is consistent.
Serhei Makarov [Mon, 20 Aug 2018 18:48:07 +0000 (14:48 -0400)]
PR23480: handle SIGINT/SIGTERM differently during stapbpf exit phase
During an infinite loop in probe end {}, stapbpf was unresponsive to ^C.
Fixed by restoring the SIGINT handler and marking an exit phase before
running probe end, then exiting in response to ^C during the exit phase.
* stapbpf/stapbpf.cxx (exit_phase): new variable.
(interrupt_message): ditto.
(sigint): print message and exit immediately during exit phase.
(main): mark exit phase and restore disabled signal handlers.
Serhei Makarov [Fri, 17 Aug 2018 15:32:15 +0000 (11:32 -0400)]
PR21888 / 23510: make sure print() and println() tag their
* bpf-translate.cxx (visit_print_format): add a tag to synthesized format strings.
* stapbpf/bpfinterp.cxx (remove_tag): TODO note potential segfault to guard against later.
* testsuite/systemtap.bpf/bpf_tests/logging2.stp: new testcase for print()/println().
* bpf-translate.cxx (bpf_unparser::emit_store): using uninitialized memory
from the stack would be a potential data leak and is therefore forbidden
-- remove the commented out code. (Although we could zero the stack ourselves.)
* stapbpf/stapbpf.cxx (instantiate_map): the size_t vars should be rlim_t.
Serhei Makarov [Thu, 16 Aug 2018 15:38:27 +0000 (11:38 -0400)]
stapbpf maps, PR23407: increase BPF_MAXMAP_ENTRIES, ensure space with setrlimit
eBPF maps can be arbitrarily large, but they live in memlocked memory
which has a very low default maximum per-process.
This patch increases RLIMIT_MEMLOCK to allow larger maps, and
increases BPF_MAX_MAPENTRIES to 2048.
Since the rlimit is set separately for each process, impact on the
system should not be significant.
TODO: The exact amount by which to increase the rlimit is a matter for
some experimentation. In addition to the space for keys and values,
there is a per-entry overhead that may need to be tweaked upwards
based on further testing.
* bpf-internal.h (BPF_MAXMAPENTRIES): now bigger.
* stapbpf.cxx (instantiate_maps): increase RLIMIT_MEMLOCK before
allocating maps, add diagnostic printfs.
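
The sizing and rlimit step described in the PR23407 commit above, as an added example (not stapbpf's own code). `map_memlock_bytes`, `raise_memlock` and the `ASSUMED_ENTRY_OVERHEAD` figure are hypothetical; the commit leaves the real per-entry overhead open.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Values quoted in the commit messages on this page. */
#define BPF_MAXSTRINGLEN  64
#define BPF_MAXMAPENTRIES 2048
/* Assumption: placeholder per-entry bookkeeping cost, not a measured value. */
#define ASSUMED_ENTRY_OVERHEAD 64

/* Locked-memory bytes one map may need, computed in rlim_t (not size_t)
 * with overflow checks. Returns 0 if the result would not fit. */
rlim_t map_memlock_bytes(rlim_t key_size, rlim_t value_size,
                         rlim_t max_entries, rlim_t overhead)
{
    const rlim_t max = (rlim_t)-1;
    rlim_t per_entry = key_size + value_size;
    if (per_entry < key_size)
        return 0;                       /* key + value wrapped around */
    if (per_entry > max - overhead)
        return 0;                       /* adding overhead would wrap */
    per_entry += overhead;
    if (max_entries != 0 && per_entry > max / max_entries)
        return 0;                       /* multiplication would wrap */
    return per_entry * max_entries;
}

/* Raise the soft RLIMIT_MEMLOCK so it covers `needed` bytes.
 * Returns 0 if the limit covers `needed`, 1 if it could only be raised
 * to the hard limit (no CAP_SYS_RESOURCE), -1 on error.
 * *granted receives the resulting soft limit. */
int raise_memlock(rlim_t needed, rlim_t *granted)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -1;
    if (rl.rlim_cur >= needed) {        /* RLIM_INFINITY compares highest */
        *granted = rl.rlim_cur;
        return 0;
    }
    struct rlimit want = rl;
    want.rlim_cur = needed;
    if (rl.rlim_max < needed)
        want.rlim_max = needed;         /* raising the hard limit needs privilege */
    if (setrlimit(RLIMIT_MEMLOCK, &want) == 0) {
        *granted = needed;
        return 0;
    }
    /* Unprivileged fallback: take as much as the hard limit allows, so the
     * caller can report a shortfall instead of failing later in map creation. */
    want.rlim_cur = rl.rlim_max;
    want.rlim_max = rl.rlim_max;
    if (setrlimit(RLIMIT_MEMLOCK, &want) == 0) {
        *granted = rl.rlim_max;
        return 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed case: a map with string keys and string values. */
    rlim_t need = map_memlock_bytes(BPF_MAXSTRINGLEN, BPF_MAXSTRINGLEN,
                                    BPF_MAXMAPENTRIES, ASSUMED_ENTRY_OVERHEAD);
    rlim_t got = 0;
    int rc = raise_memlock(need, &got);
    printf("need=%llu granted=%llu rc=%d\n",
           (unsigned long long)need, (unsigned long long)got, rc);
    return rc < 0;
}
```
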
Serhei Makarov [Tue, 14 Aug 2018 20:45:57 +0000 (16:45 -0400)]
PR23407 WIP: more proppa string support
Implemented zero-padding to BPF_MAXSTRINGLEN(=64) bytes, so
strings now work as map keys and values. There are some oddities unimplemented:
- huge maps are possible but require an advance call to setrlimit() -- must implement
- for now the limit is just 16 map elements ;_;
- we zero-pad strings in a couple of cases where that's not needed
- may output spurious string literal code if the literal is later padded
In short, more testing and tweaking is needed.
Special thanks to Valgrind&Memcheck code for a treasure trove of bit-twiddling
to look at in writing this code.
* bpf-internal.h (BPF_MAXMAPENTRIES): TODO only 16 for now unless v->maxsize is set.
(emit_literal_str): New function, not sure where to stick it for now.
* bpf-opt.cxx (alloc_literal_str): Renamed from emit_literal_string, just does
allocation while the string-literal-emitting loop is moved to bpf-translate.cxx.
(lower_str_values): Rename emit_literal_string to alloc_literal_str, fix warnings.
* bpf-translate.cxx (struct bpf_unparser): Some new functions.
(bpf_unparser::emit_store): Use emit_long_arg, emit_str_arg. TODO it should be
possible to avoid copying string in a couple of the cases but I haven't got that
variant to satisfy the verifier.
(bpf_unparser::visit_delete_statement): Use emit_long_arg, emit_str_arg.
(bpf_unparser::visit_symbol): Just return the address of a string in a map.
(bpf_unparser::visit_arrayindex): Use emit_long_arg, emit_str_arg.
(bpf_unparser::visit_array_in): Use emit_long_arg, emit_str_arg.
(emit_literal_str): New function, moved from bpf-opt.cxx/emit_literal_string;
adds some logic to do zero-padding when necessary.
(bpf_unparser::emit_copied_str): New function, copies a string and optionally
zero-pads it. Does the Right Thing if given a literal.
(bpf_unparser::emit_long_arg): New function, replaces repeated pattern of
putting a long argument on the stack to pass its address.
(bpf_unparser::emit_str_arg): New function, put a string on the stack and
return its address.
(bpf_unparser::visit_print_format): Delete old string literal code.
(build_internal_globals): Build another globals map for string variables.
* stapbpf/bpfinterp.cxx (bpf_sprintf): Enforce limit of 256.
(bpf_interpret): Make strings vector static to remove Very Weird Bug.
* testsuite/systemtap.bpf/bpf_tests/string1.stp: enable full test, remove repetition.
* testsuite/systemtap.bpf/bpf_tests/string3.stp: another testcase, writing string maps
from kernel-mode.
William Cohen [Fri, 10 Aug 2018 20:21:01 +0000 (16:21 -0400)]
Allow syscallerrorsbypid.stp to track syscall 0
The test in the sys_exit tracepoint handler would cause errors for
syscalls numbered 0 to be ignored. On i386 and x86_64 machines
syscall 0 is the read syscall, which we would really like to have
error information about. Adjusted the test to properly handle
syscalls numbered 0.
William Cohen [Thu, 9 Aug 2018 19:41:32 +0000 (15:41 -0400)]
Use the flexible Prometheus formatting to lower cost of recording data
We want to keep the recording code as simple as possible to reduce the
overhead. Recording the syscall number avoids making a function call,
generating a string for each syscall, and has simpler associative
array indexing.
The one down side of this approach is on 64-bit machines where there
are differences between 32-bit and 64-bit syscall numbering and names;
32-bit code is going to get the wrong 64-bit syscall names for the
32-bit syscalls.
William Cohen [Thu, 9 Aug 2018 19:26:27 +0000 (15:26 -0400)]
Allow more flexible Prometheus output formatting
There are cases where we would like to adjust the output of the data being
generated in Prometheus format. For example, storing syscall numbers
to minimize the overhead of recording the information and then mapping
syscall numbers to more symbolic names when generating the Prometheus
formatted data.
The existing prometheus_dump_array* macros work as before and there is
now a matching set of prometheus_dump_array_map* macros that have
additional arguments to pass in mapping functions. For unmodified
fields the sprint function is used. Below is a use where the "count"
and "pid" fields are printed out as the default
@prometheus_dump_array2 would print them and the "syscall" field is
translated from a number to the syscall name by the syscall_name
function.
Serhei Makarov [Tue, 7 Aug 2018 21:33:29 +0000 (17:33 -0400)]
BZ1610289: drop rpm dependency on 'initscripts', standalone systemtap-service
Instead of an initscript, prefer a systemd unit file where systemd is available.
The old initscript is retained as a new utility command 'systemtap-service'
since it includes functionality that can't be controlled by systemd's interface.
* systemtap.service: New unit file for systemd.
* systemtap.spec: Remove dependency on 'initscripts' unless systemd is absent;
install old init script to %{_sbindir} as 'systemtap-service'; include new
unit file for systemd.
* man/systemtap.8.in: document the change.
* NEWS: document the change.
Useful for the fastest compilation speed during development (for example,
compiling elaborate.cxx with -O0 is 42.6% faster than -O1 on my mid-2015
MBP).
syscalls tapset: use (void*)(uintptr_t) cast sequence for ->sregs
We need to be able to take 64-bit ints and plop them even into measly
32-bit pointers, without the compiler having a cow. So cast through
(uintptr_t), like elsewhere.
testsuite: support installcheck-parallel in build=src trees
The installcheck* series of Makefile rules both prereq and
may nuke the site.exp file. For some reason, this hits
build=src tree configurations immediately, and is probably
a race in others. We now explicitly remake that file after
the nested "$(MAKE) clean".
PR23488: support CONFIG_DEBUG_INFO_REDUCED kernels for typequery/tracequery .ko's
This kconfig parameter kills use of @cast() and probably some
kernel.trace() usage, so we override it in those Makefiles.
(PS. Real friends stop friends from reducing debuginfo.)
diagnostics: handle -vvvv better for staptrees mid-elision
Several of the dead-statement type elision passes temporarily
substitute 0 pointers for actual staptree nodes. If coupled with
-vvvv pretty-printing, these 0's had a way of triggering segvs.
Now more of these pretty-printers explicitly test for 0.
Stan Cox [Thu, 2 Aug 2018 02:43:34 +0000 (22:43 -0400)]
Add https handling to http client.
The existing nss server certificate database and access routines are used
except without the assistance of avahi. Server is specified
via --use-http-server=https://HOST:PORT
* configure.ac (openssl): Add openssl_LIBS
* configure: Regenerate
* config.in: Regenerate
* Makefile.am (*_LDADD): Add openssl_LIBS
* Makefile.in: Regenerate
* client-http.cxx (http_client::download_pem_cert)
(http_client::add_server_cert_to_client)
(http_client::check_trust): New
(http_client_backend::find_and_connect_to_server): Call new
methods to do https handling.
(http_client_backend::fill_in_server_info)
(http_client_backend::trust_server_info): Likewise.
* nss_funcs.cxx (nss_get_server_cert_info): Also return the cert pem
(nss_get_server_pw_info): Do the private key handling via spawn
of pk12util and openssl.
* server.cxx (base_dir_rh::GET): Add certificate
(server::start): Handle the certificate and private key.
* nss-server-info.cxx (get_server_info_from_db): Move host name
fetch to get_host_name.
(isDomain): Allow for https prefix
(resolve_host): Also set unresolved_host_name to capture the
original host_name
(nss_get_or_keep_online_server_info): Get servers for https case.
* nsscommon.cxx (get_host_name): Moved from
get_server_info_from_db.
(get_pem_cert_is_valid, cvt_nss_to_pem, get_pem_cert)
(have_san_match): New
(testsuite/lib/http_server.exp): Pause to allow pk12util/openssl
spawn to complete.
(testsuite/systemtap.server_trust.exp): New
David Smith [Mon, 23 Jul 2018 19:13:39 +0000 (14:13 -0500)]
Fix a http client bug with a non-existing executable path.
* client-http.cxx (http_client_backend::include_file_or_directory): If we
can't canonicalize a user path, don't pretend we included the file
successfully.
PR21888 WIP: basic bpf variants of logging functions
The prior patch for PR23407 allows some progress on this.
Not everything works yet: PR23435 means some output could get
swallowed in a probe that calls exit(). Moreover assert() does
not work yet -- need to check what must be changed to allow
the string to be passed into a nested call.
* tapset/logging.stp (log): add bpf variant.
(warn): add basic bpf variant.
(error): actually print the error in bpf variant.
David Smith [Fri, 20 Jul 2018 17:46:27 +0000 (12:46 -0500)]
Fix a http server POST data handling bug.
* httpd/server.cxx (connection_info::postdataiterator): Handle POST data
being broken up into several calls. Remove some too verbose status
messages.
* httpd/api.cxx: Remove some too verbose status messages.
PR23407 WIP: stapbpf support for strings as first class values
This is a basic patch which defines the STR value_type, denoting
string constants, which are lowered to pointers to literal strings on
the stack by a pass in bpf-opt.cxx. Currently, space for strings is
allocated using the program::use_tmp_space() mechanism. More than
one string literal can be stored on the stack at a time.
Limitations are 256 bytes for format strings, 64 bytes for other strings.
TODO: The code to allocate literal strings can later be integrated
with register allocation, in order to make more efficient use of
limited (512 bytes) stack space. Currently it's a bit greedy.
The next step is to support storing strings in global data structures
(bpf maps). Since bpf map helpers automatically copy data from the stack
to the map value, this should not be difficult to accomplish.
* bpf-internal.h (BPF_MAXSTRINGLEN, BPF_MAXFORMATLEN): New defines.
(enum value::value_type): New value_type STR denoting string constant.
(value::str_val): New field.
(value::value): Add option to set str_val.
(value::mk_str): New method.
(value::is_str): New method.
(value::str): New method.
(program::str_map): New field.
(program::new_str): New method.
* bpf-base.cxx (value::print): Print STR values.
(program::~program): XXX Should clean up str_map.
(program::new_str): New method.
* bpf-opt.cxx (emit_literal_string): Allocate space for a string
literal on the stack, then emit code to store the string in 4-byte chunks.
(lower_str_values): New function. See explanation at the top of the
commit message.
(program::generate): Add lower_str_values pass.
* bpf-translate.cxx (struct bpf_unparser): triage required visitor
functions by comparison with translate.cxx.
(translate_escapes): New function.
(visit_literal_string): New function, convert literal string to STR value.
(visit_compound_expression): BONUS - trying an implementation of this.
(visit_print_format): Create an STR value instead of emitting the
format string code immediately.
* stapbpf/bpfinterp.cxx (remove_tag): Added sanity check while debugging.
* testsuite/systemtap.bpf/bpf_tests/string1.stp: New file (WIP).
Victor Kamensky [Mon, 9 Jul 2018 16:31:19 +0000 (09:31 -0700)]
dwflpp::function_entrypc avoid usage of uninitialized memory
Failure on 3.3 release was observed. Failure was elusive and
disappeared after seemingly random configure option change, or when
code was compiled with -O1 or -O0 (vs default -O2). Running failing
test case under valgrind memcheck pointed to a couple of places where
'Conditional jump or move depends on uninitialised value(s)' occurred.
After addressing these in two places in dwflpp::function_entrypc,
valgrind memcheck run is clean and original issue got fixed.
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
William Cohen [Thu, 12 Jul 2018 20:35:30 +0000 (16:35 -0400)]
Add the also_ran.stp script to the stap-export examples
The also_ran.stp script provides a tally of the executables and shared
libraries run on the system. The counts provide some indication of
how frequently particular executables and shared libraries are
used. The executables and shared libraries could be mapped back to the
packages to give an indication of what software packages are being
used on the system.
William Cohen [Thu, 12 Jul 2018 15:56:12 +0000 (11:56 -0400)]
Adjust stap-exporter probe points to work with newer Linux 4.17 kernels
The syscall functions have changed with the linux 4.17 kernel.
Adjusted the example1.stp and example2.stp like the changes for
the non-dwarf syscall tapsets for similar calls.
stapbpf: add sprintf support to user space interpreter.
This patch implements sprintf for probes that run in stapbpf's user
space BPF interpreter. String support is still very limited. The
return value of sprintf can be assigned to a local variable and
passed to printf as an argument, but not much else. The purpose
of this patch is to add just enough string support for stapbpf
procfs probes to be useful (see PR23285).
* bpf-internal.h: add bpf_func_id for sprintf.
* bpf-translate.cxx (visit_print_format): Add logic for returning
the string instead of calling trace_printk.
* bpfinterp.cxx (bpf_interpret, bpf_sprintf): Add handler for sprintf
call to interpreter.
PR23284 + extra: stapbpf logs loaded BPF programs to dmesg.
The name of the original stap script has been added to the .bo file
generated by bpf-translate.cxx as a new ELF section 'stapbpf_script_name'.
* bpf-internal.h (BPF_MAXSTRINGLEN): New constant, may be configurable in future.
* bpf-translate.cxx (output_stapbpf_script_name): New function.
(translate_bpf_pass): Generate new 'stapbpf_script_name' section.
* stapbpf/stapbpf.cxx (prog_load): Log a notification to dmesg before
loading the BPF program. This is analogous to _stp_print_kernel_info
in the default stap backend.
(load_bpf_file): Obtain module_basename (from module_name) and
script_name (from 'stapbpf_script_name' ELF section).
(main): Open /dev/kmesg as a way to output to dmesg.
stap-exporter: remove wait_for_sess_init, use more descriptive http return codes.
* exporter.py: no longer wait for a stap session to begin after receiving a
request to launch it. Respond with code 301 after launching sessions instead of 200.
Respond with code 501 if session's procfs file cannot be found.